White House declassifies secretive cyber-security plan

Security experts often stress the urgency and importance of stronger collaboration between the private and public sectors if we hope to turn the tide against the growing number of cyber-threats on the nation’s economy and security.

So many were happy to hear the Obama administration’s top cyber-security official, Howard Schmidt, say in one of his first public addresses since he took the job last year that improving these partnerships will be a priority of his office.

And to that effect, Schmidt’s office declassified today some of the Comprehensive National Cybersecurity Initiative documents, a secretive plan drafted by the Bush administration detailing that administration’s strategy to protect the nation’s federal and commercial digital assets and improve intelligence exchanges with the private sector.

Schmidt outlined some of the White House’s cyber-security priorities during the second day of the RSA conference, an annual industry gathering of security professionals.

The documents offer general descriptions of the plan’s 12 initiatives and were published in the White House’s Web site. Among them, the documents discuss the need for a way for the private and public sector to share information regarding the protection of the nation’s critical infrastructure.

According to the New York Times, independent estimates say implementing the plan could cost as much as $40 billion in the next five years.

Since the existence of the document was revealed, privacy advocates have also raised concerns about the plan’s implementation and have pressured the government to see it. President Obama promised last year that he would appoint someone to ensure the plan is carried out without violating civil liberties.

Schmidt also promised during a Town Hall later on Tuesday that he and other government players in charge of technology and information issues at the federal level would consider “what is the impact on privacy and civil liberties on whatever we do” and make sure security enhances – not stifles – innovation.

Schmidt said the documents were being released for the sake of transparency and added that he hoped the move would help bring the general public and security experts into the discussion of how to better protect the country’s digital resources.

“Collective knowledge is the most powerful tool that we have” against cyber-threats, Schmidt said.

Other priorities Schmidt outlined were:

+ Updating the nation’s cyber-security strategy to account for some of the more recent critical cyber-vulnerabilities. + Revising federal security compliance standards that organizations are required to meet. Many security experts have criticized them saying that being compliant doesn’t always mean being secure. + Improving security awareness and coordination among federal agencies. + Improving the country’s cyber-response plan and, as part of that, the private sector’s access to the government. + Addressing the need for an international cyber-security policy that fleshes out the law enforcement and diplomatic rules of engagement between nations.